Google Cloud Memorystore for Valkey Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Databases

Category

Databases

1. Introduction

Memorystore for Valkey is a managed, in-memory key-value datastore service on Google Cloud designed for low-latency access patterns such as caching, session storage, counters, rate limiting, and pub/sub messaging—using the Valkey open-source engine (a community-driven fork that is protocol-compatible with Redis for many clients and commands).

In simple terms: you create a Memorystore for Valkey instance, Google Cloud runs and maintains the Valkey servers for you, and your applications connect to it over a private IP address in your VPC to read/write keys in milliseconds (often sub-millisecond) without managing VMs, patching, or failover scripts.

Technically, Memorystore for Valkey is part of Google Cloud’s managed “Memorystore” family in the Databases category. It provisions Valkey capacity inside a Google-managed service perimeter and attaches it to your VPC networking (typically via private connectivity). You get operational features like automated maintenance, monitoring integration, and (depending on the service tier/edition) high availability options.

What problem it solves: teams frequently need an extremely fast data layer for ephemeral or semi-ephemeral data (cache entries, tokens, sessions, deduplication keys, leaderboard counters). Running Valkey yourself can be operationally heavy—especially around patching, availability, backups/persistence, and monitoring. Memorystore for Valkey offloads much of that undifferentiated work while keeping the familiar Valkey/Redis-compatible data model and client libraries.

Naming and lifecycle note: “Memorystore for Valkey” is a distinct Google Cloud service name. Google Cloud also offers other Memorystore options (for example, Memorystore for Redis and Memorystore for Memcached). Always verify the latest product positioning and feature set in the official docs because managed cache products evolve quickly.

---

2. What is Memorystore for Valkey?

Official purpose

Memorystore for Valkey provides a fully managed Valkey datastore on Google Cloud, intended primarily for in-memory workloads requiring very low latency and high throughput.

Core capabilities (high level)

• Managed provisioning of Valkey capacity (instance creation, sizing).
• Network-accessible endpoint (typically private IP) for applications in your VPC.
• Operational integration with Google Cloud tooling (Monitoring, Logging where applicable).
• Service-managed maintenance and upgrades (service-defined windows/behavior vary—verify in official docs).

Major components

• Valkey instance: the managed datastore you create (capacity, region, networking).
• Networking attachment: connectivity to a VPC network/subnet (private access model).
• Control plane: Google-managed APIs and console workflows for lifecycle operations (create/resize/delete, maintenance events).
• Observability hooks: metrics and events surfaced through Google Cloud Monitoring and related consoles (exact metrics vary—verify in official docs).

Service type

• Managed in-memory datastore (cache / ephemeral data platform) in the Databases category.

Scope and locality (how “big” the service is)

This typically depends on how Google Cloud offers the service in your region: – Project-scoped: created inside a Google Cloud project. – Region and/or zone scoped: you choose a location when provisioning (commonly regional for managed database services, but verify the exact location model for Memorystore for Valkey in your region). – VPC-connected: intended to be accessed from workloads inside your VPC network (Compute Engine, GKE, Cloud Run via VPC connector, etc.).

How it fits into the Google Cloud ecosystem

Memorystore for Valkey is commonly used alongside: – Compute Engine and Google Kubernetes Engine (GKE) for application hosting. – Cloud Run (via Serverless VPC Access) for private access to the instance. – Cloud Monitoring for latency/CPU/memory and connection metrics. – Secret Manager (when using AUTH credentials or app config values—verify auth model). – VPC, Firewall rules, and (often) private service networking for private connectivity.

---

3. Why use Memorystore for Valkey?

Business reasons

• Faster time-to-market: avoid building and maintaining your own Valkey cluster on VMs.
• Reduced operational burden: patching, maintenance orchestration, and basic reliability controls move to the managed service.
• Predictable performance for common cache patterns: designed for high-throughput reads/writes.

Technical reasons

• Microsecond-to-millisecond access patterns suitable for caching and hot data.
• Common Valkey/Redis-compatible clients: your apps can often reuse existing Redis client libraries (validate command compatibility for your app).
• Simple data structures: strings, hashes, lists, sets, sorted sets, and related primitives (exact supported commands depend on service configuration—verify in official docs).

Operational reasons

• Managed upgrades/maintenance with service controls (timing and impact vary—verify).
• Integrated monitoring for capacity, connections, and performance signals.
• Simplified scaling workflow (vertical scaling is commonly supported; horizontal/sharded scaling depends on product variant—verify).

Security/compliance reasons

• Private networking patterns: keep datastore traffic on internal IP space rather than the public internet.
• IAM-controlled administration: control who can create/modify instances via Google Cloud IAM.
• Auditability: administrative actions can be tracked via Cloud Audit Logs.

Scalability/performance reasons

• Good fit when you need:
• High QPS (queries per second) for reads/writes.
• Consistently low p99 latency for hot keys.
• Fast atomic operations (INCR, SETNX, etc.) for counters and rate limiting.

When teams should choose it

Choose Memorystore for Valkey when: – Your dataset is cache-like (recomputable, TTL-based, derived from a system of record). – You need fast session/token storage. – You need atomic counters/locks (with careful design). – You want managed operations and private connectivity in Google Cloud.

When teams should not choose it

Avoid (or be cautious) if: – You need a system of record with strong durability guarantees (use Cloud SQL, Spanner, Firestore, etc.). – Your workload requires multi-region active-active data consistency (typical cache semantics do not provide this). – You require large datasets that exceed practical in-memory economics. – You need complex querying (Valkey is key-based, not a query engine). – You need strict durability and auditable history for compliance (caches are usually not the right primary store).

---

4. Where is Memorystore for Valkey used?

Industries

• E-commerce (carts, catalog caches, flash sale throttling)
• Media/streaming (content metadata caching)
• FinTech (rate limiting, anti-fraud signals caching)
• SaaS (session management, tenant config caches)
• Gaming (leaderboards, matchmaking state)
• AdTech/MarTech (real-time counters, dedup keys)
• Logistics (tracking and status caching)

Team types

• Platform engineering teams standardizing shared caching
• SRE teams improving latency and reducing database load
• Backend and API teams building read-heavy services
• Data engineering teams caching expensive computations (carefully)

Workloads

• API response caching
• Session/token storage
• Leaderboards and counters
• Rate limiting and quotas
• Pub/Sub-style ephemeral signaling (where appropriate)
• Feature flag and configuration caching (not as system of record)

Architectures

• Microservices needing a shared low-latency cache
• Event-driven architectures that require deduplication keys
• Hybrid architectures where system of record is Cloud SQL/Spanner/BigQuery and cache is Valkey

Real-world deployment contexts

• Production: sized for traffic, monitored, usually configured for higher availability (tier-dependent).
• Dev/test: smaller instances to validate cache integration and behavior under TTL/eviction.

---

5. Top Use Cases and Scenarios

Below are realistic scenarios where Memorystore for Valkey fits well.

1) API response cache

• Problem: repeated requests cause high load on backend databases.
• Why it fits: Valkey can store serialized responses keyed by request parameters with TTL.
• Example: /products?category=shoes&page=1 cached for 30 seconds during peak traffic.

2) Session store for web apps

• Problem: stateless services still need fast session validation and lookup.
• Why it fits: quick get/set for session tokens, with TTL and automatic expiration.
• Example: store session {user_id, scopes, last_seen} keyed by sess:<token>.

3) Rate limiting / throttling

• Problem: prevent abuse and protect downstream systems.
• Why it fits: atomic increments and expirations enable token-bucket or fixed-window counters.
• Example: INCR rate:<ip>:<minute> with EXPIRE 60.

4) Distributed locking (with caution)

• Problem: coordinate work across multiple workers.
• Why it fits: primitives like SET key value NX PX <ms> can implement locks.
• Example: worker acquires lock lock:invoice:123 for 10 seconds before processing.
• Caveat: distributed locking is tricky; verify correctness and consider specialized patterns.

5) Leaderboards

• Problem: maintain ranked lists updated frequently.
• Why it fits: sorted sets support score updates and rank queries.
• Example: ZINCRBY leaderboard:weekly 10 user:42 and ZREVRANGE for top N.

6) Shopping cart cache

• Problem: cart reads/writes must be quick; DB writes can be asynchronous.
• Why it fits: store cart state with TTL and periodic persistence to a system of record.
• Example: HSET cart:<user> sku123 2.

7) Feature flag and config caching

• Problem: config retrieval from database adds latency.
• Why it fits: cache config per tenant with versioning; refresh on changes.
• Example: GET cfg:tenantA:v17 cached for 5 minutes.

8) Deduplication keys for event processing

• Problem: event-driven systems can re-deliver messages; duplicates cause side effects.
• Why it fits: SETNX or SET ... NX with TTL provides idempotency keys.
• Example: SET event:<id> 1 NX EX 86400 before processing.

9) Real-time presence or ephemeral state

• Problem: track online users or ephemeral signals.
• Why it fits: sets and TTL keys model presence efficiently.
• Example: SADD room:123:online user:42, refresh TTL periodically.

10) Cache for expensive computations

• Problem: CPU-heavy computations slow response times.
• Why it fits: store computed results keyed by input hash.
• Example: cache recommendation results for user segments for 60 seconds.

11) Queue-like worker coordination (lightweight)

• Problem: simple job dispatch without a full queue service.
• Why it fits: lists can implement push/pop semantics.
• Example: LPUSH jobs email:123, workers BRPOP jobs.
• Caveat: for durable queues, consider Pub/Sub or Cloud Tasks.

12) Request coalescing (stampede protection)

• Problem: cache miss causes many concurrent expensive recomputations (“thundering herd”).
• Why it fits: locks + short-lived “in progress” markers reduce duplicate work.
• Example: first request sets lock:report:<id>; others wait/backoff.

---

6. Core Features

Note: exact feature availability can depend on tier/edition/region. Where details may vary, this tutorial explicitly says “Verify in official docs.”

Managed Valkey provisioning

• What it does: creates a Valkey datastore instance without managing servers.
• Why it matters: removes VM provisioning, OS tuning, and manual deployments.
• Practical benefit: faster setup, fewer moving parts for common cache patterns.
• Caveats: instance capacity and configuration options are constrained to supported SKUs.

Private connectivity from your VPC

• What it does: provides an internal endpoint accessible from your Google Cloud VPC.
• Why it matters: reduces exposure and simplifies secure access.
• Practical benefit: applications connect using internal IP; traffic stays internal.
• Caveats: you may need private service networking / Private Service Access configuration—verify in official docs.

Operational automation (maintenance and patching)

• What it does: Google manages underlying maintenance tasks.
• Why it matters: reduces operational toil and security patch lag.
• Practical benefit: fewer urgent “patch now” windows for cache servers.
• Caveats: maintenance can still cause performance impact depending on configuration; plan for it.

High availability options (tier-dependent)

• What it does: provides redundancy/failover patterns (commonly primary/replica).
• Why it matters: cache outages can cause cascading failures and DB overload.
• Practical benefit: improved resilience and faster recovery in many failure modes.
• Caveats: HA design, failover behavior, and SLA vary—verify in official docs.

Scaling (capacity changes)

• What it does: lets you increase (and sometimes decrease) capacity.
• Why it matters: cache sizing is often iterative and traffic-driven.
• Practical benefit: adjust memory to avoid evictions and latency spikes.
• Caveats: resizing can cause brief disruption or rebalancing effects; test and schedule.

Metrics and monitoring integration

• What it does: exposes performance/health signals.
• Why it matters: caching issues often show up as latency, evictions, or connection churn.
• Practical benefit: alert early on memory pressure and error rates.
• Caveats: exact metric names and coverage vary—verify in official docs.

IAM-based administrative control

• What it does: controls who can create/modify/delete instances.
• Why it matters: prevents accidental deletion and enforces separation of duties.
• Practical benefit: least privilege for operators and automation.
• Caveats: IAM controls the service management plane; data-plane auth is separate (if supported).

Compatibility with Redis protocol (Valkey)

• What it does: Valkey speaks the Redis protocol; many Redis clients work.
• Why it matters: reduces app changes and supports common patterns.
• Practical benefit: use familiar commands (GET/SET, TTL, hashes, sets, etc.).
• Caveats: confirm your required Redis module/command support; managed services may restrict some commands.

---

7. Architecture and How It Works

High-level service architecture

At a high level, Memorystore for Valkey consists of: – A control plane (Google-managed API) that provisions and manages instances. – A data plane (Valkey nodes) that serves your requests on an internal endpoint. – A networking model that attaches the instance to your VPC so your apps can connect privately.

Request / data / control flows

• Control flow: you (or CI/CD automation) create and manage instances via Google Cloud Console, gcloud, or APIs. IAM governs who can do this.
• Data flow: your application connects to the Valkey endpoint (IP:port) over internal networking and executes Valkey commands.
• Observability flow: metrics and events flow to Cloud Monitoring (and sometimes logs/audit events flow to Cloud Logging / Cloud Audit Logs).

Integrations with related Google Cloud services

Common integration patterns include: – GKE: workloads in a cluster connect via VPC-native networking. – Compute Engine: VMs in the same VPC connect directly. – Cloud Run: use Serverless VPC Access to reach the private endpoint. – Cloud Monitoring: dashboards and alerting for capacity, latency indicators. – Cloud Audit Logs: track instance lifecycle changes.

Dependency services

Depending on how Memorystore for Valkey is implemented in your environment, you may need: – A VPC network and subnet(s). – Potentially Service Networking API and a configured private service connection (common for managed services using private IP). Verify in official docs for exact prerequisites.

Security / authentication model

• Admin plane: governed by IAM (who can create/resize/delete).
• Data plane: typically gated by private networking; additional auth (like AUTH) and/or in-transit encryption may be available depending on tier/feature—verify in official docs.

Networking model

Most managed caches on Google Cloud follow one of these patterns: – Private IP in your VPC (common), reachable only from internal networks (and optionally via VPN/Interconnect). – Connectivity controlled by VPC firewall rules and routing. – Private service connectivity constructs might be required (Private Service Access / Private Service Connect)—verify which applies to Memorystore for Valkey in your region.

Monitoring, logging, governance considerations

• Monitor memory usage, evictions, connections, CPU, and latency indicators.
• Use Cloud Audit Logs to monitor administrative actions.
• Apply labels (team, env, cost-center) and consistent naming for cost allocation and incident response.

Simple architecture diagram (Mermaid)

flowchart LR
  A[App on Compute Engine / GKE / Cloud Run] -->|Valkey protocol| B[(Memorystore for Valkey\nPrivate Endpoint)]
  A --> C[Cloud Monitoring Alerts/Dashboards]
  D[Operator/CI-CD] -->|Create/Resize| E[Google Cloud Control Plane]
  E --> B

Production-style architecture diagram (Mermaid)

flowchart TB
  subgraph VPC["Google Cloud VPC (prod)"]
    subgraph APP["Application tier"]
      LB[External HTTPS Load Balancer]
      SRV[Services on GKE or MIG]
      LB --> SRV
    end

    subgraph DATA["Data tier"]
      SQL[(Cloud SQL / Spanner\nSystem of record)]
      CACHE[(Memorystore for Valkey\nPrivate endpoint)]
    end

    SRV -->|Read-through cache| CACHE
    SRV -->|Fallback reads/writes| SQL
  end

  subgraph OPS["Ops & Governance"]
    MON[Cloud Monitoring]
    LOG[Cloud Logging / Audit Logs]
    IAM[IAM]
  end

  SRV --> MON
  CACHE --> MON
  IAM -->|Controls admin actions| CACHE
  CACHE --> LOG

---

8. Prerequisites

Account / project requirements

• A Google Cloud account with access to a Google Cloud project.
• Billing enabled on the project.

Permissions / IAM roles

You need permissions to: – Enable required APIs. – Create and manage Memorystore for Valkey instances. – Create networking resources (if required). – Create a VM or GKE/Cloud Run resources for connectivity testing.

Typical roles (choose least privilege): – Memorystore admin role for the relevant product (exact role name can differ—verify in official docs). – roles/compute.admin or narrower roles to create a test VM and firewall rules. – roles/servicenetworking.admin if you must configure private service connectivity (verify).

Tools

• Google Cloud Console (web UI).
• Cloud Shell (recommended) or local workstation with:
• gcloud CLI
• redis-cli or a Valkey-compatible CLI client (many Redis tool packages include redis-cli)
• openssl (optional, for TLS testing if supported)

Region availability

• Memorystore for Valkey availability can be region-specific.
• Pick a region close to your application workloads.
• Verify in official docs which regions support Memorystore for Valkey and which tiers are available.

Quotas / limits

Common limits to plan for: – Number of instances per project/region. – Maximum instance size. – Network address space requirements for private connectivity. – Connection limits per instance (depends on sizing and service limits).

Check Quotas in the Google Cloud Console and the Memorystore for Valkey documentation for current limits.

Prerequisite services / APIs

You will typically need: – The API for Memorystore for Valkey (name may differ—verify in official docs). – Compute Engine API (for the test VM). – Possibly Service Networking API (for private connectivity)—verify.

---

9. Pricing / Cost

Memorystore for Valkey pricing is usage-based, but the exact SKUs and dimensions can vary by region and tier/edition. Do not rely on blog posts for pricing—use the official pricing page and the pricing calculator.

Pricing dimensions (typical for managed in-memory datastores)

Expect some combination of: – Provisioned capacity (memory size) billed per unit time (hourly). – Tier/HA selection (single node vs highly available) affecting cost. – Regional placement and any replica requirements affecting cost. – Potential charges for network egress (especially cross-region or to the internet, though caches are usually private and in-region).

Official pricing: start from Google Cloud Memorystore pricing and select the Valkey offering if listed.
Pricing page (entry point): https://cloud.google.com/memorystore/pricing
Pricing calculator: https://cloud.google.com/products/calculator

Free tier

Google Cloud’s free tier offerings change over time and may not apply to managed Memorystore products. Verify in official docs and the pricing page whether any free tier or trial credits apply.

Primary cost drivers

• Size of the instance (GB provisioned).
• High availability configuration (if replicas are billed separately or included in the SKU).
• Number of instances (dev/test environments often multiply costs).
• Uptime (instances billed while running; stopped mode may not exist for managed caches).

Hidden or indirect costs

• Data transfer:
• Cross-zone and cross-region traffic can add egress charges.
• Serverless access (Cloud Run) via connectors can introduce networking costs depending on architecture.
• Compute costs for clients:
• A bastion VM for management/testing costs money if left running.
• Monitoring/Logging:
• Metrics are generally included, but logs and custom metrics can incur costs.

Storage/compute/API/request pricing factors

• Managed caches are usually priced by provisioned capacity rather than per-request.
• Control plane API calls are typically not the main cost driver, but check quotas.

How to optimize cost

• Start with the smallest instance that matches your dev/test needs.
• Use TTL aggressively so the cache doesn’t require oversized memory.
• Avoid cross-region cache access; keep cache and apps in the same region.
• Prefer read-through caching rather than caching everything forever.
• Use key design to avoid memory bloat (short keys, compact values, compression where appropriate).
• Delete non-production instances when not in use (in many orgs, dev caches are forgotten).

Example low-cost starter estimate (no fabricated prices)

A realistic “starter” approach: – One small instance in a single region for a dev environment. – One small Compute Engine VM for testing for less than an hour. – Minimal data transfer (same region).

To get an accurate number: 1. Open the Google Cloud Pricing Calculator. 2. Search for “Memorystore” and select the Valkey option if available. 3. Choose your region, tier, and size. 4. Add a small VM for 1 hour of testing.

Example production cost considerations

For production, consider: – At least one highly available deployment (if supported/required). – Larger memory sizing to prevent eviction during peaks. – Multiple environments (prod + staging) and potentially per-region deployments. – Monitoring, alerting, and on-call response time (people cost is real).

---

10. Step-by-Step Hands-On Tutorial

This lab creates a low-cost, private Memorystore for Valkey instance and connects to it from a Compute Engine VM in the same VPC. It focuses on safe, foundational tasks: provisioning, connectivity, basic commands, verification, and cleanup.

Objective

• Provision a Memorystore for Valkey instance on Google Cloud.
• Configure required private connectivity prerequisites (as needed).
• Connect from a VM and run basic Valkey commands (using redis-cli as a compatible client).
• Validate behavior (TTL, atomic counter).
• Clean up all resources to avoid ongoing charges.

Lab Overview

You will: 1. Select a region and VPC network. 2. Enable APIs. 3. Configure private connectivity prerequisites (if required in your region). 4. Create a Memorystore for Valkey instance. 5. Create a Compute Engine VM in the same region/VPC. 6. Install a Valkey/Redis CLI and connect privately. 7. Validate with a few key operations. 8. Troubleshoot common networking/auth problems. 9. Delete resources.

Important: UI labels and exact steps can change. If a screen differs, follow the intent and consult the official docs for Memorystore for Valkey.

---

Step 1: Create or select a Google Cloud project and set defaults

1. In the Google Cloud Console, select an existing project or create a new one: – IAM & Admin → Manage resources → Create Project
2. Open Cloud Shell.

Set your project and choose a region (example uses us-central1; pick one supported by Memorystore for Valkey):

gcloud config set project YOUR_PROJECT_ID
gcloud config set compute/region us-central1
gcloud config set compute/zone us-central1-a

Expected outcome: gcloud config list shows your chosen project/region/zone.

Verification:

gcloud config list

---

Step 2: Enable required APIs

Enable APIs commonly required for this lab:

gcloud services enable compute.googleapis.com
gcloud services enable servicenetworking.googleapis.com

Now enable the Memorystore for Valkey API.

Because the exact service name can differ (and product lines evolve), find it in the console: – APIs & Services → Library – Search for “Memorystore” and “Valkey” – Enable the API referenced by the Memorystore for Valkey documentation for your region.

Expected outcome: APIs show as enabled in APIs & Services → Enabled APIs & services.

Verification:

gcloud services list --enabled | grep -E "compute|servicenetworking|memorystore|valkey" || true

If you don’t see a Valkey-specific API, verify in official docs; Google sometimes uses a shared Memorystore API surface.

---

Step 3: Prepare VPC private connectivity (if required)

Many managed services that expose private IPs require Private Service Access (PSA) using Service Networking.

1. In the console, go to: – VPC network → VPC network peering – Look for an existing peering to servicenetworking-googleapis-com.
2. If none exists, you typically need: – A reserved internal IP range for Google managed services – A private connection (peering) via Service Networking

In Cloud Shell, a common PSA setup pattern looks like this (example range; adjust to avoid conflicts):

NETWORK="default"
RANGE_NAME="psa-managed-services"
RANGE_CIDR="10.10.0.0/16"

gcloud compute addresses create ${RANGE_NAME} \
  --global \
  --purpose=VPC_PEERING \
  --addresses=10.10.0.0 \
  --prefix-length=16 \
  --network=${NETWORK}

gcloud services vpc-peerings connect \
  --service=servicenetworking.googleapis.com \
  --network=${NETWORK} \
  --ranges=${RANGE_NAME}

Expected outcome: a private service connection exists and is in an ACTIVE/CONNECTED state.

Verification:

gcloud services vpc-peerings list --network=${NETWORK} --service=servicenetworking.googleapis.com
gcloud compute addresses list --global --filter="purpose=VPC_PEERING"

If your organization already has PSA configured, do not create overlapping ranges. If the command fails due to existing setup, inspect current ranges and reuse them.

---

Step 4: Create a Memorystore for Valkey instance

Create the instance using the Google Cloud Console (recommended for accuracy when product flags and tiers vary):

1. Go to Google Cloud Console → Memorystore
2. Choose Memorystore for Valkey
3. Click Create instance
4. Configure: – Name: valkey-lab – Region: same as your compute region (e.g., us-central1) – Network: default (or a dedicated VPC) – Tier/Availability: choose the lowest-cost option suitable for a lab (often single node).
   For production, choose HA when available and appropriate. – Capacity/Size: choose the smallest available size for the lab.

Create the instance and wait until status becomes Ready.

Expected outcome: instance shows a private IP address and port (commonly 6379 for Redis/Valkey protocol, but verify the port shown in the console).

Verification: – In the instance details page, note: – Endpoint IP – Port – VPC network – Region – Any authentication/encryption requirements shown

If the console requires additional settings (AUTH, TLS, maintenance window), follow the guided defaults for a lab and record what you chose.

---

Step 5: Create a Compute Engine VM to test connectivity

Create a small Linux VM in the same region and same VPC:

gcloud compute instances create valkey-client-vm \
  --zone="$(gcloud config get-value compute/zone)" \
  --machine-type=e2-micro \
  --subnet=default \
  --scopes=https://www.googleapis.com/auth/cloud-platform

Expected outcome: VM is created and running.

Verification:

gcloud compute instances list --filter="name=valkey-client-vm"

---

Step 6: Install a Valkey/Redis CLI client on the VM

SSH into the VM:

gcloud compute ssh valkey-client-vm --zone="$(gcloud config get-value compute/zone)"

Install redis-cli (package name varies by distro). On Debian/Ubuntu:

sudo apt-get update
sudo apt-get install -y redis-tools
redis-cli --version

Expected outcome: redis-cli is installed.

Many environments use redis-cli to connect to Valkey because Valkey maintains protocol compatibility for common operations. If you need a Valkey-specific CLI, verify in official docs and the Valkey project documentation.

---

Step 7: Connect to the Memorystore for Valkey endpoint (private IP)

From the VM, connect to the endpoint:

VALKEY_IP="YOUR_INSTANCE_PRIVATE_IP"
VALKEY_PORT="YOUR_INSTANCE_PORT"   # often 6379, but use what the console shows

redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" PING

Expected outcome: you receive PONG.

If your instance requires AUTH, you may need:

redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" -a "YOUR_PASSWORD" PING

If your instance requires TLS, you might need:

redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" --tls PING

Whether AUTH/TLS are available/required depends on your Memorystore for Valkey configuration—verify in official docs and in the instance detail page.

---

Step 8: Run basic operations (keys, TTL, atomic counter)

Run these commands from the redis-cli prompt (or as one-liners):

1) Set a key with TTL:

redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" SET cache:hello "world" EX 60
redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" GET cache:hello
redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" TTL cache:hello

Expected outcome: – GET returns world – TTL returns a number <= 60

2) Atomic counter (rate limit / metrics primitive):

redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" DEL counter:requests
redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" INCR counter:requests
redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" INCR counter:requests
redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" GET counter:requests

Expected outcome: counter increments and returns 2.

3) Simple hash (session-like object):

redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" HSET sess:123 user_id 42 role "basic"
redis-cli -h "${VALKEY_IP}" -p "${VALKEY_PORT}" HGETALL sess:123

Expected outcome: returns the field/value pairs.

---

Step 9: Add a firewall sanity check (if needed)

If you can’t connect: – Memorystore endpoints are usually private and controlled by VPC firewall and routing. – Ensure your VM and the Memorystore instance are in the same VPC (and compatible region connectivity). – Check firewall rules allow egress from the VM to the instance IP/port (internal traffic is often allowed by default, but org policies can restrict it).

From the VM, test basic connectivity:

nc -vz "${VALKEY_IP}" "${VALKEY_PORT}"

Expected outcome: “succeeded” / “open” indication.

If nc is missing:

sudo apt-get install -y netcat-openbsd

---

Validation

Use the following checklist:

• [ ] Memorystore for Valkey instance status is Ready.
• [ ] Instance shows a private endpoint IP (and port).
• [ ] VM is in the same VPC/subnet (or has valid routes) and same region or connected network.
• [ ] redis-cli PING returns PONG.
• [ ] Key set/get works.
• [ ] TTL decreases over time.
• [ ] Counter increments atomically.

---

Troubleshooting

Error: Could not connect to Redis at <ip>:<port>: Connection timed out

Common causes and fixes: – Wrong VPC / region mismatch: create the VM in the same VPC and region where the service is reachable. – Private Service Access not configured: complete PSA setup (Step 3) and retry instance creation if required. – Firewall restrictions: review VPC firewall rules and org policies; ensure internal traffic to the instance IP/port is permitted. – Wrong endpoint/port: copy the endpoint from the instance detail page.

Error: (error) NOAUTH Authentication required.

• The instance requires AUTH.
• Use redis-cli -a or configure your app with the correct password/secret.
• Store secrets in Secret Manager rather than in code.

Error: TLS-related connection failures

• If the instance requires TLS, you must use --tls and possibly provide CA/certs depending on configuration.
• Confirm the instance’s connection guidance in the official docs.

Error: Commands rejected / disabled

• Managed services sometimes disable administrative or dangerous commands (CONFIG, DEBUG, etc.).
• Re-check supported commands in the Memorystore for Valkey documentation.

---

Cleanup

To avoid charges, delete resources when done.

1) Exit the VM SSH session:

exit

2) Delete the VM:

gcloud compute instances delete valkey-client-vm \
  --zone="$(gcloud config get-value compute/zone)" --quiet

3) Delete the Memorystore for Valkey instance: – In Console: Memorystore → Memorystore for Valkey → valkey-lab → Delete – Or via CLI if the product provides a gcloud surface (verify in official docs).

4) Optional: remove PSA reserved range and peering only if you created it solely for this lab and your org doesn’t need it:

gcloud services vpc-peerings delete \
  --service=servicenetworking.googleapis.com \
  --network=default

gcloud compute addresses delete psa-managed-services --global --quiet

Be cautious: deleting PSA can break other managed services in the same VPC.

---

11. Best Practices

Architecture best practices

• Treat Memorystore for Valkey as a cache or ephemeral state store, not the system of record.
• Use a cache-aside/read-through pattern: 1. Try cache 2. If miss, read from DB/system of record 3. Populate cache with TTL
• Design for cache failure:
• Your app should degrade gracefully if the cache is unavailable.
• Implement backoff to avoid stampeding your database.

IAM / security best practices

• Use least privilege for admins:
• Separate roles for creating instances vs managing network connectivity.
• Use labels and IAM conditions (where appropriate) to reduce accidental changes.
• Store any credentials in Secret Manager and restrict access to the runtime service account.

Cost best practices

• Keep cache and clients in the same region to minimize latency and egress.
• Keep dev/test instances small and delete when idle.
• Set TTLs; avoid “never expire” unless you fully understand memory growth.
• Watch for eviction: evictions often mean “you’re under-provisioned” or “TTL policy is wrong.”

Performance best practices

• Use connection pooling in apps to reduce connection churn.
• Avoid large values; consider compression or splitting objects.
• Prefer hashes for structured objects to reduce key overhead (benchmark for your workload).
• Avoid expensive commands on large keyspaces (e.g., wildcard scans) unless you know the cost.

Reliability best practices

• Choose HA options for production where available and appropriate.
• Keep timeouts and retries sane:
• Fast timeouts for cache operations.
• Circuit breakers to prevent cascade failures.
• Implement cache warmup strategies cautiously (avoid thundering herd).

Operations best practices

• Create dashboards and alerts for:
• Memory usage and eviction count
• Connections and connection errors
• CPU saturation indicators
• Track application-level cache metrics:
• hit rate / miss rate
• latency distributions
• error rate
• Plan maintenance:
• Understand maintenance windows/behavior in the service docs.
• Run load tests after version upgrades in staging.

Governance / tagging / naming best practices

• Use clear instance names: valkey-<env>-<app>-<region>
• Apply labels: env=prod, team=payments, cost_center=cc123
• Document:
• key naming conventions
• TTL policy per keyspace
• maximum value sizes
• fallback behavior when cache is down

---

12. Security Considerations

Identity and access model

• Management plane: controlled by Google Cloud IAM (who can create/delete/resize).
• Data plane: typically gated by private networking; may also support auth and/or TLS depending on configuration. Verify in official docs.

Encryption

• Encryption at rest: Google Cloud services typically encrypt data at rest by default; confirm specifics for Memorystore for Valkey in the official docs.
• Encryption in transit: if supported, enable TLS for clients; verify supported cipher suites and client configuration requirements.

Network exposure

• Prefer private IP-only deployments.
• Restrict access using:
• VPC firewall rules
• subnet controls
• workload identity/service accounts and network boundaries
• Use VPN/Interconnect for on-prem access if needed, rather than public exposure.

Secrets handling

• Do not hardcode passwords in code or container images.
• Use Secret Manager and mount/inject secrets at runtime.
• Rotate secrets when employees leave or when compromise is suspected.

Audit / logging

• Use Cloud Audit Logs for administrative actions:
• instance creation/deletion
• configuration changes
• Keep audit logs in a centralized logging project if your org uses it.

Compliance considerations

• Cache data can still include PII if you put it there.
• Apply data classification rules:
• Avoid caching sensitive personal data unless absolutely required.
• Use short TTLs and consider tokenization.
• Ensure access is restricted to only the services that need it.

Common security mistakes

• Putting the cache on a network reachable from many unrelated services (“flat network”).
• Over-permissive IAM roles (developers with delete permissions in prod).
• Forgetting that caches can contain sensitive material (tokens, sessions).

Secure deployment recommendations

• Use separate instances per environment (dev/stage/prod).
• Use separate VPCs or at least separate subnets and firewall policies for prod.
• Enable AUTH/TLS if supported and required by your security posture (verify exact support).

---

13. Limitations and Gotchas

This section lists common “managed cache” issues. Confirm service-specific details in the official Memorystore for Valkey docs.

Known limitations (typical)

• Not intended as a durable primary datastore.
• Some administrative commands may be restricted in managed environments.
• Scaling operations can cause brief disruptions or require planning windows.

Quotas

• Instance count per project/region.
• Maximum memory size per instance.
• Connection limits and throughput constraints. Check Quotas and the service documentation.

Regional constraints

• Not all regions may support Memorystore for Valkey or all tiers.
• Some features (HA, encryption in transit) may be region/tier dependent.

Pricing surprises

• Running multiple always-on instances across environments.
• Cross-region network egress if clients are not co-located.
• Forgotten dev instances left running.

Compatibility issues

• Client compatibility: most Redis clients work, but confirm:
• supported commands
• any disabled commands
• version differences
• Lua scripting/module support may be limited or unsupported—verify.

Operational gotchas

• Memory eviction can silently degrade correctness if the app assumes keys always exist.
• Cache stampede can overload the system of record when cache misses spike.
• Long-lived connections without keepalives can fail under network changes—use sane reconnect logic.

Migration challenges

• Migrating from self-managed Redis/Valkey may require:
• dump/restore or application-level warmup
• TTL preservation strategy
• keyspace compatibility validation
• Migrating from Memorystore for Redis to Memorystore for Valkey:
• verify version/command compatibility
• plan cutover to avoid session loss (or accept it if it’s a cache)

Vendor-specific nuances

• Private connectivity prerequisites (PSA/peering) are often the #1 stumbling block.
• Maintenance behavior and failover timing are service-defined—review docs before production rollout.

---

14. Comparison with Alternatives

Memorystore for Valkey is one option in the Databases toolkit on Google Cloud. Here are common alternatives.

Alternatives in Google Cloud

• Memorystore for Redis: managed Redis engine (different from Valkey, but similar usage).
• Memorystore for Memcached: simpler cache with no persistence and different semantics.
• Cloud SQL / Spanner / Firestore: systems of record (not caches).
• Bigtable: wide-column datastore for high throughput, not an in-memory cache.

Alternatives in other clouds

• AWS ElastiCache (Redis engine; AWS also supports Valkey in some contexts—verify current offerings).
• Azure Cache for Redis (Redis engine, managed).
• These are good comparisons for multi-cloud decision-making, but service details differ.

Open-source / self-managed alternatives

• Run Valkey on:
• Compute Engine VMs (manual/automated)
• GKE (StatefulSets with persistent volumes)
• Pros: full control, custom modules, specialized tuning.
• Cons: operations, patching, HA, backups, incident response burden.

Comparison table

Option	Best For	Strengths	Weaknesses	When to Choose
Memorystore for Valkey (Google Cloud)	Managed Valkey-based caching and ephemeral state	Managed ops, private VPC access, fast latency, integrates with Google Cloud tooling	Not a system of record; some features/commands may be restricted; region/tier limits	You want managed Valkey on Google Cloud with minimal ops
Memorystore for Redis (Google Cloud)	Teams standardized on Redis engine	Mature managed Redis option, similar client ecosystem	Engine choice differs from Valkey; feature set differs by product/version	You need Redis engine specifically or your org already uses it
Memorystore for Memcached (Google Cloud)	Simple, distributed cache with minimal features	Very simple, good for pure caching	No rich data structures like Valkey/Redis; different client model	You only need a basic cache and simplicity matters
Self-managed Valkey on GKE/VMs	Full control and customization	Full control over config/modules, topology, versions	Highest ops burden; harder HA and upgrades	You require custom features or cannot use managed service constraints
Cloud SQL / Spanner / Firestore	Durable primary storage	Strong durability, query capabilities, transactions (varies)	Slower than in-memory; higher latency and cost per request for cache-like loads	You need a system of record, not a cache
AWS ElastiCache / Azure Cache for Redis	Non-Google Cloud environments	Managed caching on those clouds	Different networking/IAM/pricing; migration complexity	You are on AWS/Azure or doing multi-cloud

---

15. Real-World Example

Enterprise example: Global e-commerce platform

Problem A retail platform experiences high load on its product catalog database during promotions. Product pages and search results trigger repeated reads with similar parameters, leading to database saturation and increased latency.

Proposed architecture – System of record: Cloud SQL or Spanner (depending on scale/consistency needs) – Cache: Memorystore for Valkey in the same region as app compute – Application tier: GKE services – Pattern: cache-aside with TTL and stampede protection

Why Memorystore for Valkey was chosen – Private VPC endpoint reduces exposure. – Managed operations reduce the need for the SRE team to operate cache clusters. – Valkey’s data structures support caching, counters, and short-lived locks for request coalescing.

Expected outcomes – Lower database QPS during peak events. – Improved p95/p99 latency for product endpoints. – Reduced operational toil and faster scaling for cache capacity.

---

Startup/small-team example: SaaS analytics dashboard

Problem A small team serves dashboards that aggregate recent activity. Queries are expensive; users frequently reload pages, generating redundant compute and database reads.

Proposed architecture – Backend on Cloud Run – Memorystore for Valkey accessed via Serverless VPC Access – Cache keys include tenant + query hash, TTL 30–120 seconds – Background jobs pre-warm popular queries

Why Memorystore for Valkey was chosen – Quick provisioning without operating stateful clusters. – Predictable low latency for common dashboard queries. – Easy to implement TTL-based caching without changing the system of record.

Expected outcomes – Reduced compute and database costs. – Faster dashboard load times. – Better user experience without overengineering.

---

16. FAQ

1) Is Memorystore for Valkey a database or a cache?

It’s in the Databases category on Google Cloud, but functionally it’s best treated as an in-memory datastore for caching and ephemeral state—not as a durable primary database.

2) What is Valkey?

Valkey is an open-source, community-driven in-memory key-value datastore that is protocol-compatible with Redis for many use cases. See the Valkey project for engine details: https://valkey.io/

3) Can I use my existing Redis client libraries?

Often yes, because Valkey is designed to be compatible with the Redis protocol for common operations. You must still validate command compatibility and any managed-service restrictions.

4) Does Memorystore for Valkey support TLS?

It may, depending on tier/feature availability. Check the instance’s connection settings and the official docs for “in-transit encryption” or TLS guidance.

5) Does it support AUTH/password authentication?

It may, depending on configuration. If enabled, store secrets in Secret Manager and rotate them periodically.

6) Is Memorystore for Valkey accessible from the public internet?

Typically, managed Memorystore endpoints are designed for private VPC access. Public exposure is generally not recommended. Verify official docs for supported connectivity models.

7) Can Cloud Run connect to Memorystore for Valkey?

Commonly yes using Serverless VPC Access to reach private IPs. Verify the supported networking pattern for your region and configure the connector/subnet accordingly.

8) How do I choose an instance size?

Start from: – expected working set size (hot keys in memory) – value sizes and overhead – peak QPS and connection count Then load test, observe eviction and latency, and resize accordingly.

9) What happens if the cache goes down?

Your application should fall back to the system of record (database) and degrade gracefully. Add circuit breakers and request coalescing to avoid stampedes.

10) Is Memorystore for Valkey suitable for storing sessions?

Yes, sessions are a common use case. Use TTLs, key namespaces, and plan for cache loss (sessions may be invalidated if cache is flushed or lost).

11) Can I run pub/sub workloads on it?

Valkey/Redis pub/sub can work for ephemeral signaling, but it is not a durable messaging system. For durable messaging, use Pub/Sub.

12) How do I monitor cache health?

Use Cloud Monitoring dashboards/alerts plus application-level metrics (hit rate, latency, error rate). Also monitor evictions and memory pressure.

13) How do I prevent cache stampede?

Use short-lived locks, request coalescing, jittered TTLs, and “stale-while-revalidate” approaches when appropriate.

14) Does Memorystore for Valkey support persistence or backups?

Some managed cache offerings support persistence features, but availability and behavior can differ. Verify in official docs for Memorystore for Valkey persistence/backups (if offered) and do not rely on it as your sole durability mechanism.

15) What is the difference between Memorystore for Valkey and Memorystore for Redis?

They use different underlying engines (Valkey vs Redis). Feature sets, versions, and support policies can differ. Choose based on engine preference, compatibility requirements, and Google Cloud’s documented capabilities.

16) Can I use it across regions?

Technically you can connect across regions if networking allows, but it increases latency and can incur egress charges. Prefer same-region deployments.

17) Is it suitable for distributed locks?

It can be used with careful patterns, but distributed locking is easy to get wrong. Validate correctness, consider failure modes, and prefer purpose-built coordination systems when required.

---

17. Top Online Resources to Learn Memorystore for Valkey

Resource Type	Name	Why It Is Useful
Official documentation	Memorystore documentation (entry point) – https://cloud.google.com/memorystore/docs	Starting point for Memorystore products, concepts, and operational guidance
Official documentation	Memorystore for Valkey docs (product-specific) – Verify in official docs	The authoritative source for Valkey-specific features, connection methods, and limits
Official pricing	Memorystore pricing – https://cloud.google.com/memorystore/pricing	Official SKUs and pricing model
Official calculator	Google Cloud Pricing Calculator – https://cloud.google.com/products/calculator	Build region-accurate cost estimates
Official networking	Private Service Access / Service Networking – https://cloud.google.com/vpc/docs/private-services-access	Common prerequisite for private managed services connectivity
Official observability	Cloud Monitoring – https://cloud.google.com/monitoring/docs	Metrics, dashboards, and alerting patterns
Official logging/audit	Cloud Audit Logs – https://cloud.google.com/logging/docs/audit	Track administrative actions for governance and security
Architecture guidance	Google Cloud Architecture Center – https://cloud.google.com/architecture	Reference architectures; search for caching patterns and Memorystore
Engine docs	Valkey official site – https://valkey.io/	Engine behavior, command reference direction, ecosystem links
Community/learning	Redis CLI usage reference (general) – verify current docs	Practical CLI patterns apply to Valkey for many commands

---

18. Training and Certification Providers

Institute	Suitable Audience	Likely Learning Focus	Mode	Website URL
DevOpsSchool.com	DevOps engineers, SREs, platform teams	Google Cloud operations, DevOps tooling, cloud labs (check course catalog)	check website	https://www.devopsschool.com/
ScmGalaxy.com	Beginners to intermediate engineers	DevOps fundamentals, SCM, cloud basics, hands-on practices	check website	https://www.scmgalaxy.com/
CLoudOpsNow.in	Cloud ops practitioners	Operations, monitoring, reliability, cloud runbooks	check website	https://www.cloudopsnow.in/
SreSchool.com	SREs, operations teams	SRE principles, monitoring/alerting, incident response, reliability engineering	check website	https://www.sreschool.com/
AiOpsSchool.com	Ops teams adopting AIOps	AIOps concepts, automation, observability-driven operations	check website	https://www.aiopsschool.com/

---

19. Top Trainers

Platform/Site	Likely Specialization	Suitable Audience	Website URL
RajeshKumar.xyz	DevOps/cloud training content (verify offerings)	Beginners to working engineers	https://www.rajeshkumar.xyz/
devopstrainer.in	DevOps training and workshops (verify offerings)	DevOps engineers, students	https://www.devopstrainer.in/
devopsfreelancer.com	Freelance DevOps help/training resources (verify offerings)	Teams needing short-term guidance	https://www.devopsfreelancer.com/
devopssupport.in	DevOps support and enablement resources (verify offerings)	Ops teams and SMBs	https://www.devopssupport.in/

---

20. Top Consulting Companies

Company	Likely Service Area	Where They May Help	Consulting Use Case Examples	Website URL
cotocus.com	Cloud/DevOps consulting (verify exact services)	Architecture, implementation, migration planning	Cache architecture review; VPC/private connectivity setup; performance tuning	https://www.cotocus.com/
DevOpsSchool.com	DevOps consulting and training (verify exact services)	Enablement, platform practices, cloud ops	Building reference architectures; CI/CD enablement; SRE practices around managed caches	https://www.devopsschool.com/
DEVOPSCONSULTING.IN	DevOps consulting (verify exact services)	Cloud adoption, operational maturity	Designing monitoring/alerting; governance/IAM; production readiness reviews	https://www.devopsconsulting.in/

---

21. Career and Learning Roadmap

What to learn before Memorystore for Valkey

• Google Cloud fundamentals:
• Projects, billing, IAM
• VPC networking, subnets, firewall rules
• Basic Linux and CLI skills (Cloud Shell, SSH)
• Caching concepts:
• TTL, eviction, cache-aside/read-through
• cache stampede and thundering herd
• Basic app performance:
• latency, p95/p99, connection pooling

What to learn after Memorystore for Valkey

• Production reliability engineering:
• SLOs/SLIs for cache hit rate and latency
• incident response and postmortems
• Advanced Google Cloud networking:
• Private Service Access vs Private Service Connect (understand which applies)
• Hybrid connectivity (VPN/Interconnect)
• Observability:
• Cloud Monitoring alert design
• log-based metrics and tracing (Cloud Trace / OpenTelemetry)
• Data architecture:
• choosing the right system of record (Spanner, Cloud SQL, Firestore)
• designing cache invalidation strategies

Job roles that use it

• Cloud Engineer / Platform Engineer
• SRE / Production Engineer
• Backend Engineer / API Engineer
• Solutions Architect
• DevOps Engineer

Certification path (Google Cloud)

Google Cloud certifications change. Commonly relevant ones include: – Associate Cloud Engineer – Professional Cloud Architect – Professional Cloud DevOps Engineer

For the latest list: https://cloud.google.com/learn/certification

Project ideas for practice

• Build a read-through cache for a simple product catalog API (Cloud Run + Cloud SQL + Memorystore for Valkey).
• Implement rate limiting middleware using atomic counters.
• Build a leaderboard microservice using sorted sets.
• Add cache stampede protection and measure DB load reduction.
• Create dashboards and alerts for eviction rate and cache hit ratio (app metrics + Cloud Monitoring).

---

22. Glossary

• Valkey: Open-source in-memory key-value datastore compatible with the Redis protocol for many use cases.
• Cache-aside: Application pattern where the app checks cache first; on miss it reads from DB and populates cache.
• TTL (Time To Live): Expiration time for a key; after TTL elapses the key is removed.
• Eviction: When the datastore removes keys to free memory (often due to max memory constraints and eviction policy).
• Private IP: Internal IP address reachable only within a VPC (or connected networks).
• VPC (Virtual Private Cloud): Private network construct in Google Cloud where subnets, routes, and firewall rules live.
• Private Service Access (PSA): A private networking method to access Google-managed services over internal IPs (often via service networking peering).
• Service Networking API: Google API used to configure private service connections/peering for managed services.
• Control plane: Management layer (create/resize/delete) governed by IAM and APIs.
• Data plane: The actual traffic path for Valkey commands (GET/SET, etc.).
• p95/p99 latency: 95th/99th percentile latency; important for user-perceived performance.
• Stampede / Thundering herd: Many requests concurrently recompute/fetch data due to cache miss, overloading systems.
• System of record: Primary durable database where authoritative data is stored (Cloud SQL, Spanner, Firestore, etc.).
• Serverless VPC Access: Mechanism for Cloud Run/functions to reach resources with private IPs in a VPC.

---

23. Summary

Memorystore for Valkey is Google Cloud’s managed Valkey-based in-memory datastore service in the Databases category. It is designed for low-latency caching and ephemeral state—helping teams reduce database load, speed up APIs, and simplify operations compared to self-managed Valkey clusters.

Architecturally, it fits as a private, VPC-accessible cache in front of a durable system of record. Cost is primarily driven by provisioned capacity, tier/availability configuration, and how many instances you keep running—plus potential network egress if you connect across regions. From a security standpoint, prioritize private networking, least-privilege IAM for administrative access, and (when supported) enable data-plane protections like AUTH/TLS and store secrets in Secret Manager.

Use Memorystore for Valkey when you need fast key-value operations with managed operations on Google Cloud. Avoid using it as your primary durable datastore. As a next step, build a small service that implements a cache-aside pattern (Cloud Run or GKE) and add monitoring/alerts for eviction rate and latency so you can operate it like a production-grade platform component.